We leave the following ones unchanged:
- geckodriver because the results are used to releases on github.
- sixgill because the script that creates it is not in-tree.
- *-dist-toolchain because sccache is not expecting a .tar.zst.
We use native tar support in most cases, except for toolchain scripts also
used on Windows, for which we use our zstdpy script.
Differential Revision: https://phabricator.services.mozilla.com/D124733
It used to be installed as a side effect of something else, but is not
installed anymore after the upgrade to Debian 11.
Differential Revision: https://phabricator.services.mozilla.com/D124984
It contains a more recent version of GTK, fixing some Wayland issues
that are still present in the 20.08 version (notably degraded
performance due to missing opaque region API in GTK).
Further more it ships more recent Mesa, which should also have
a positive effect on some hardware.
Differential Revision: https://phabricator.services.mozilla.com/D124801
We leave the following ones unchanged:
- geckodriver because the results are used to releases on github.
- sixgill because the script that creates it is not in-tree.
- *-dist-toolchain because sccache is not expecting a .tar.zst.
We use native tar support in most cases, except for toolchain scripts also
used on Windows, for which we use our zstdpy script.
Differential Revision: https://phabricator.services.mozilla.com/D124733
We leave the following ones unchanged:
- geckodriver because the results are used to releases on github.
- sixgill because the script that creates it is not in-tree.
- *-dist-toolchain because sccache is not expecting a .tar.zst.
We use native tar support in most cases, except for toolchain scripts also
used on Windows, for which we use our zstdpy script.
Differential Revision: https://phabricator.services.mozilla.com/D124733
We leave the following ones unchanged:
- geckodriver because the results are used to releases on github.
- sixgill because the script that creates it is not in-tree.
- *-dist-toolchain because sccache is not expecting a .tar.zst.
We use native tar support in most cases, except for toolchain scripts also
used on Windows, for which we use our zstdpy script.
Differential Revision: https://phabricator.services.mozilla.com/D124733
Bug 1631193 / D71448 reenabled the X11 socket on Wayland and disabled
the Wayland socket as the Wayland backend is not the default yet.
While giving access to the X11 socket by default was right,
dropping the Wayland socket makes testing it unnecessarily
complicated and provides negligible security benefits - Wayland,
in contrast to X11, is designed to be save. This is also reflected
in Flatpak: while for X11 there is the `fallback-x11` option,
the same is not exposed for Wayland.
Thus lets enable the Wayland socket again, in order so make testing
easier, helping making the Wayland backend the default sooner, which
then is an actual security benefit.
Differential Revision: https://phabricator.services.mozilla.com/D124139
In bug 1648029 / D110021, full Pipewire access was added to the
flatpak permissions to enable Pipewire based screen sharing.
It turned out that this was a bug in WebRTC which did not
use the file descriptor / socket from the xdg-portal, which would
grant only permissions to the requested stream. This was fixed in
bug 1726211 / D122904.
Drop full Pipewire access again.
This effectively reverts D110021
Differential Revision: https://phabricator.services.mozilla.com/D124133
The tasks that use that image can work fine on the normal image we use
for builds and toolchains, modulo scons being missing for one toolchain.
Differential Revision: https://phabricator.services.mozilla.com/D123719
A number of locales have a 3-letter language code, and by truncating
them we break automatic installation of the right langpacks.
Differential Revision: https://phabricator.services.mozilla.com/D123065
Explicitly add python2 to some docker images because it was
previously installed as a side effect of installing mercurial and is
required.
Differential Revision: https://phabricator.services.mozilla.com/D119379
Manually install some packages that were installed automatically somehow
and may matter.
Don't install packages already installed as part of the base image.
Differential Revision: https://phabricator.services.mozilla.com/D119368
Manually install some packages that were installed automatically somehow
and may matter.
Don't install packages already installed as part of the base image.
Differential Revision: https://phabricator.services.mozilla.com/D119366
This allows to remove all the steps already handled in the debian10-base
image. Also remove the install-node script that is not used, and
manually install some packages that were installed automatically somehow
and may matter.
Don't install packages already installed as part of the base image.
Differential Revision: https://phabricator.services.mozilla.com/D119364
It allows to remove a number of things that are setup through the base
image already, and to install the libc6 packages we built.
Differential Revision: https://phabricator.services.mozilla.com/D119260
The base docker images (both Ubuntu and Debian) have extra configuration
in /etc/apt/apt.conf.d/docker-clean that automatically cleans-up
downloaded .deb packages after they are installed, so we don't need to
do it again manually.
Differential Revision: https://phabricator.services.mozilla.com/D119242
This was only needed because the old docker server available through
docker-in-docker didn't support ARG, but now that we use kaniko (bug
1626058), we can use ARG, which most images already use, but for some
reason debian-raw still uses %ARG.
Differential Revision: https://phabricator.services.mozilla.com/D118784
This requires a backport of valgrind to buster instead of jessie (which
we don't need a backport for anymore). Somehow the buster-based
android-build was using the backport for jessie. It now can use the
backport for buster.
We now also need a few extra packages in the valgrind docker image that
used to be installed as a side effect of installing other packages, but
aren't installed automatically anymore, while necessary.
This allows to remove the debian8-amd64-build docker image, now unused.
We add a patch to workaround an issue with rust that was fixed in older
version of valgrind but that resurfaced in a slightly different manner.
Filed upstream as https://bugs.kde.org/show_bug.cgi?id=433641.
Finally, we update the suppressions to account for system changes.
Differential Revision: https://phabricator.services.mozilla.com/D106402
This requires a backport of valgrind to buster instead of jessie (which
we don't need a backport for anymore). Somehow the buster-based
android-build was using the backport for jessie. It now can use the
backport for buster.
We now also need a few extra packages in the valgrind docker image that
used to be installed as a side effect of installing other packages, but
aren't installed automatically anymore, while necessary.
This allows to remove the debian8-amd64-build docker image, now unused.
We add a patch to workaround an issue with rust that was fixed in older
version of valgrind but that resurfaced in a slightly different manner.
Filed upstream as https://bugs.kde.org/show_bug.cgi?id=433641.
Finally, we update the suppressions to account for system changes.
Differential Revision: https://phabricator.services.mozilla.com/D106402